US10637851B2 - Introducing an identity into a secure element - Google Patents
Introducing an identity into a secure element Download PDFInfo
- Publication number
- US10637851B2 US10637851B2 US15/536,247 US201515536247A US10637851B2 US 10637851 B2 US10637851 B2 US 10637851B2 US 201515536247 A US201515536247 A US 201515536247A US 10637851 B2 US10637851 B2 US 10637851B2
- Authority
- US
- United States
- Prior art keywords
- secure
- key
- datum
- final
- temporary
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H04W12/0023—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
Definitions
- a symmetric secure-element key is derived from a symmetric master key and an individual information item, such as e.g. a chip serial number or a random number.
Abstract
A method for introducing an identity into a secure element includes an operating system loaded into the secure element, which comprises a master key which is identical for a plurality of secure elements. A secure-element key datum is generated employing the master key. The secure-element key datum is configured as a temporary secure-element key datum, which, upon an initial authentication of the secure element vis-à-vis the background system, is replaced by a final secure-element key datum which is independent of the master key by employing the temporary secure-element key datum and is itself rendered invalid for further authentications.
Description
The invention relates to a method for introducing an identity into a secure element.
For using a mobile terminal, such as a smart phone or mobile phone, in a mobile communication network of a network operator, the terminal contains a secure element. A further and commonly used term for the secure element in the mobile communication field is subscriber identity module. The secure element can be configured either as a removable plug-in SIM card (SIM=Subscriber Identity Module) or USIM card (Universal SIM) or UICC (Universal Integrated Circuit Card), or alternatively as a permanently soldered in eUICC (embedded UICC) or eSIM or eUSIM.
In the production of secure elements an individual identity must be introduced into each secure element. Subsequently a subscription can be loaded into the secure element, which comprises data sets (e.g. keys) for use of the terminal in the mobile communication network. The subscription does not form the object of the invention. The identity usually comprises two components. A first component is an anonymous number called ID. A second component is a key set consisting of one or a plurality of secure-element keys associated with the ID. Each ID must be assigned uniquely. An ID must not be assigned twice. As the secure-element key optionally either a symmetric or an asymmetric key can be provided.
One known method for introducing the identity into a secure element is the individual personalization of each single secure element. Here, personalization data have to be implemented in each single secure element at a personalization station in a production environment. This process is slow and in particular takes a lot of time within the production environment and is therefore expensive.
Outside the mobile communication field, it is known to have a secure element individualize itself on the basis of a universal master key. For this purpose, the same identical operating system (OS) comprising the master key is loaded into each secure element of a batch of secure elements. Starting from the master key and an individual information item (e.g. a chip serial number of a chip contained in the secure element or a random number) each secure element derives internally an individual secure-element key. The master key is administrated by a certification body that can later verify the authenticity of secure-element keys by means of the master key, so that only such secure-element keys are recognized as genuine which are derived from or with the master key. When a random number is employed, there is a risk of collision between secure-element keys of different secure elements, i.e. the individuality of the secure-element key is not automatically ensured. Such a downstream generation of secure-element keys has the advantage that in the production environment only the operating system identical for all secure elements has to be programmed. The time-consuming individualization can be effected outside of the production environment, for example by the end user, thus not blocking any production resources. A weak point of the method is that when the master key becomes known, secure-element keys which are recognized as genuine upon verification can be derived without authorization.
There are in principle two possibilities for deriving a secure-element key from a master key, namely a symmetric and an asymmetric key derivation method.
In the symmetric key derivation method a symmetric secure-element key is derived from a symmetric master key and an individual information item, such as e.g. a chip serial number or a random number.
In the asymmetric key derivation method, a public-private key pair comprising a public key and the corresponding (secret) private key is generated by the secure element. As the master key, the private key of the certification body is provided in this case. The secure element generates a secure-element signature by signing its own public key with the master key, thus the private key of the certification body. For checking the authenticity of the secure element, the certification body verifies the secure-element signature with its public key.
It is the object of the invention to create a secure method for introducing an identity into a secure element in which the individual personalization of each secure element can be omitted and all secure elements can be programmed identically in the production environment—at least in a first production step.
The object is achieved by a method according to claim 1. Advantageous embodiments of the invention are specified in the dependent claims.
In the method according to claim 1 a universal operating system is introduced into a secure element, preferably in the form of an operating-system memory image. In the introduced operating system or memory image a master key is contained. From the master key, first a secure-element key datum is derived in the secure element, for example in the manner that is known per se.
The method of the invention according to claim 1 is characterized in that a secure-element key datum derived from a master key (e.g. symmetric secure-element key or asymmetric secure-element key signed with the master key, see alternative embodiments according to claims 2 and 3) is valid temporarily only for the initial authentication. Once said authentication has been effected, the temporary secure-element key datum is replaced by a final secure-element key datum. Subsequent authentications can be effected (successfully, i.e. positively) only with the final secure-element key datum. The temporary secure-element key datum becomes invalid. Since the final secure-element key datum is independent of the master key, when a master key is corrupt the final secure-element key data are not corrupt likewise as a result. Rather, there is the possibility of not at all admitting temporary secure-element key data derived from the corrupt master key for generating final secure-element key data. Thereby, secure elements whose underlying master keys have been corrupted are never released permanently for authentication in the mobile communication network, thus are never activated in the mobile communication network.
Therefore, according to claim 1, a secure method for introducing an identity into a secure element is created which can do without individual personalization of each secure element.
The master key is preferably administrated by a certification body, which generates and later verifies the master key.
As ID, for example a hardware identifier of a chip of the secure element can be provided, for example a chip serial number or card serial number.
The initial authentication is effected optionally by the end user when he puts his mobile terminal in operation for the first time with the secure element, in order to activate the secure element in the mobile communication network of his chosen provider and to thereby make his mobile phone operational. Alternatively, the initial authentication, i.e. activation of the secure element, is effected already by the terminal manufacturer, and the terminal is issued to the end customer with an already activated secure element.
In particular, also a method is specified according to a first, symmetric embodiment, according to claim 2, wherein
as the master key a symmetric key of a certification body is provided,
in step b) in the secure element a symmetric, temporary secure-element key is derived from the master key and an individualization datum, in particular an individual datum of the secure element or a random number, as the temporary secure-element key datum, and
in step c) upon the initial authentication, the background system assigns a final ID to the secure element, and a symmetric final secure-element key is generated as the final secure-element key datum either in the background system or in the secure element, and is transmitted to that instance of the secure element and the background system which has not generated the final secure-element key.
Further, also a method is specified according to a second, asymmetric embodiment, according to claim 3, wherein
as the master key, a private key of a certification body is provided,
in step b) in the secure element a temporary public-private key pair is generated comprising a temporary secure-element public key and a temporary secure-element private key, and as the secure-element key datum a temporary secure-element signature is generated by signing the temporary secure-element public key with the master key, and
in step c) in the secure element a final public-private key pair is generated comprising a final secure-element public key and a final secure-element private key, wherein, upon the initial authentication, the final secure-element public key is transmitted to the background system, and wherein as the final secure-element key datum a final secure-element signature is generated in the background system by the background system signing the final secure-element public key with the master key, and wherein the final secure-element signature is transmitted by the background system to the secure element.
In the asymmetric case (claim 3) the certification body generates a public-private master key pair. The private master key of this pair serves for authentication of a signature sent by the secure element, said signature having been generated with the public master key.
The symmetric and the asymmetric embodiments both have the advantage that the final secure-element key datum is generated and loaded into the secure element in coordination with the background system. Thus collisions between identities can be prevented through control on the part of the background system.
In the asymmetric variant of the method the secure-element signature is optionally generated more exactly by the background system signing the concatenation of the final secure-element public key and additionally the ID with the master key. As the ID either the original ID or a final ID newly generated upon the initial authentication can be provided.
In step c) optionally further upon the initial authentication the temporary secure-element key datum is verified in the background system and the final secure-element key datum is derived only in the positive case of a positive verification. Otherwise, in the negative case of erroneous verification no final secure-element key datum is derived. As the negative case it can be provided in particular that the master key, which underlies the freshly verified secure element, has become known as corrupt to the background system. If the temporary secure-element key datum were used directly for permanent authentication, an attacker could generate and distribute large quantities of valid secure-element key data. In the solution according to the invention, a secure element whose temporary secure-element key datum is generated from a corrupt master key is not given a permanently valid secure-element key datum. Thus, the secure element can never be used for making phone calls.
Optionally, the master key is deleted from the secure element after deriving the temporary secure-element key datum, in particular either immediately after deriving the temporary secure-element key datum or at the latest after deriving the final secure-element key datum. Thereby, the master key, which is no longer required anyway, cannot not be spied out from the secure element. When the secure element leaves the secure production environment it preferably no longer contains a master key.
Optionally, the operating system is loaded into the secure element in the form of an operating-system memory image (OS image, OS=operating system).
Optionally, the master key is changed regularly, regularly being determined on the basis of a lapse of time or frequency of use, for example. More specifically, this is for example realized by the master key having a limited validity to the effect that a temporary secure-element key datum that is positively verifiable upon verification can be generated only within the limited validity, in particular within a specified validity period or/and for a specified number of generations of a temporary secure-element key datum.
Optionally, an initial authentication of the secure element vis-à-vis the background system is carried out employing the temporary secure-element key datum, whereupon the temporary secure-element key datum is replaced by the final secure-element key datum and the secure element is activated for authentication in the mobile communication network. Through the activation the secure element can be employed permanently in the mobile communication network, in particular for telephone calls, data exchange, and the like. The term permanently is understood here to mean that any limitations of use such as an expiration of contract, SIM lock, contract termination by not topping up credit or the like are taken into account, and the activation is nevertheless regarded as “permanent” within the meaning of the invention.
Optionally, the ID is configured as a temporary ID, in particular as a temporary ID which is identical for all or a plurality of secure elements, wherein the temporary ID is replaced by a final ID upon initial authentication. Thereby, the entire identity (comprising ID and secure-element key datum) is replaced upon initial authentication, from a temporary identity to a final identity. This embodiment can be used particularly advantageously in a scenario in which an entire batch of secure elements is first equipped with one and the same identical identity. This makes the production of the secure elements easy, quick and inexpensive. The secure elements are made distinguishable by final, unique identities only upon initial authentication.
In the following the invention will be explained in more detail on the basis of embodiment examples and with reference to the drawing, in which there are shown:
In a step 1, which is effected in a production environment at the manufacturer of the secure element, a memory image OS[MK] of an operating system OS is provided in the background system HS1 of the manufacturer. The memory image OS[MK] contains a master key MK. The memory image OS[MK] is loaded into the secure element SE and implemented there. On the occasion of the initial startup of the operating system OS, a temporary secure-element key datum DK is derived from the master key MK, employing a chip serial number ChipID. The master key MK is deleted from the secure element SE. The secure element SE is now delivered to a trader, and eventually to a user (end user), or directly to a user (end user). In an embedded secure element eUICC the entire mobile terminal ME is delivered with the secure element to the trader or user. As mentioned, alternatively, the secure element SE can be activated by the terminal manufacturer ( steps 2, 3, 4 described below) and can be issued to the trader or end customer only then.
In a step 2, the user puts his mobile terminal ME with the secure element SE in operation and causes the activation of its secure element in the background system HS2 of his network operator (which is usually different from the background system of the manufacture of the secure element). For activation, the user sends an authentication request with the temporary secure-element key datum DK to the background system HS2 of his network operator.
In a step 3, the background system HS2 of the network operator checks the authentication request, in the positive case generates a final secure-element key datum SK and a final secure element ID SE-ID and invalidates the temporary secure-element key datum DK, thus rendering it invalid. In a step 4, the background system HS2 sends the final secure-element key datum SK to the secure element SE. According to a variant of the method, in step 4 only a final secure element ID SE-ID is generated by the background system and sent to the secure element SE, and in the secure element SE the final secure-element key datum SK is generated. The mobile terminal ME is now ready for use.
In a step 5 the user makes a phone call with the mobile terminal ME, thereby carrying out an authentication with the final secure-element key datum SK vis-à-vis the background system HS2.
Claims (8)
1. A method for introducing an identity into a secure element, wherein
the secure element is prepared for authenticating a mobile terminal in which the secure element is operated vis-à-vis a background system of the mobile communication network,
the identity includes an ID and a secure-element key datum, and
the secure-element key datum is adapted to carry out the authentication,
a) into the secure element an operating system is loaded which comprises a master key which is identical for a plurality of secure elements, the operating system comprising the master key being loaded from a first server controlled by an entity that generates the operating system comprising the master key,
b) the secure-element key datum is generated employing the master key after which the master key is completely deleted from the secure element operating system, the master key being completely deleted from the secure element while the secure-element is under the control of the entity that generates the operating system comprising the master key,
wherein
c) the secure-element key datum is configured as a temporary secure-element key datum, which, upon an initial authentication of the secure element vis-à-vis the background system employing the temporary secure-element key datum, is replaced by a final secure-element key datum which is independent of the master key and is generated after the master key has been deleted, and is itself rendered invalid for further authentications, wherein the final secure-element key datum is loaded from a second server that is different from the first server and is part of the background system of the mobile communication network, network,
wherein:
as the master key a private key of a certification body is provided,
in step b) in the secure element a temporary public-private key pair is generated, comprising a temporary secure-element public key and a temporary secure-element private key, and as the secure-element key datum a secure-element signature is generated by signing the temporary secure-element public key with the master key, and
in step c) in the secure element a final public-private key pair is generated, comprising a final secure-element public key and a final secure-element private key, wherein, upon the initial authentication, the final secure-element public key is transmitted to the background system, and wherein as the final secure-element key datum a final secure-element signature is generated in the background system by the background system signing the final secure-element public key with the master key, and wherein the final secure-element signature is transmitted by the background system to the secure element.
2. The method according to claim 1 , wherein the secure-element signature is generated more exactly by the background system signing the concatenation of the final secure-element public key and the ID with the master key, wherein as the ID there is provided either the ID or a final ID generated upon the initial authentication.
3. The method according to claim 1 , wherein in step c) upon the initial authentication, the temporary secure-element key datum is verified by the background system and the final secure-element key datum is derived only in the positive case of a positive verification, and otherwise no final secure-element key datum is derived.
4. The method according to claim 1 , wherein the master key is deleted from the secure element after deriving the temporary secure-element key datum, and therein either immediately after deriving the temporary secure-element key datum or at the latest after deriving the final secure-element key datum.
5. The method according to claim 1 , wherein the operating system is loaded into the secure element in the form of an operating-system memory image.
6. The method according to claim 1 , wherein the master key has a limited validity to the effect that a temporary secure-element key datum which is positively verifiable upon a verification can be generated at most within the limited validity, within a specified period of validity and/or for a specified number of generations of a temporary secure-element key datum.
7. The method according to claim 1 , wherein an initial authentication of the secure element vis-à-vis the background system is effected employing the temporary secure-element key datum, whereupon the temporary secure-element key datum is replaced by the final secure-element key datum and the secure element is activated for authentication in the mobile communication network.
8. The method according to claim 1 , wherein the ID is configured as a temporary ID identical for the or for a plurality of secure elements, and wherein upon the initial authentication the temporary ID is replaced by a final ID.
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| DE102014018867 | 2014-12-16 | ||
| DE102014018867.1 | 2014-12-16 | ||
| DE102014018867.1A DE102014018867A1 (en) | 2014-12-16 | 2014-12-16 | Introduce an identity into a secure element |
| PCT/EP2015/002581 WO2016096146A1 (en) | 2014-12-16 | 2015-12-15 | Introducing an identity into a secure element |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| US20170374063A1 US20170374063A1 (en) | 2017-12-28 |
| US10637851B2 true US10637851B2 (en) | 2020-04-28 |
Family
ID=55027691
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US15/536,247 Active 2036-07-24 US10637851B2 (en) | 2014-12-16 | 2015-12-15 | Introducing an identity into a secure element |
Country Status (5)
| Country | Link |
|---|---|
| US (1) | US10637851B2 (en) |
| EP (1) | EP3235275B1 (en) |
| CN (1) | CN107005409B (en) |
| DE (1) | DE102014018867A1 (en) |
| WO (1) | WO2016096146A1 (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108696361B (en) * | 2018-04-24 | 2022-02-22 | 北京小米移动软件有限公司 | Configuration method, generation method and device of smart card |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5367148A (en) * | 1986-04-18 | 1994-11-22 | Cias, Inc. | Counterfeit detection using ID numbers with at least one random portion |
| US20020018569A1 (en) * | 1998-12-04 | 2002-02-14 | Prakash Panjwani | Enhanced subscriber authentication protocol |
| EP1365537A1 (en) | 2002-05-24 | 2003-11-26 | Swisscom Mobile AG | Systems and method for certifying digital signatures |
| US20050083846A1 (en) * | 2003-10-15 | 2005-04-21 | Microsoft Corporation | Dynamic online subscription for wireless wide-area networks |
| US20060233364A1 (en) * | 2002-07-29 | 2006-10-19 | Jan Camenisch | Fine-grained forward-secure signature scheme |
| US20090019284A1 (en) * | 2005-03-09 | 2009-01-15 | Electronics And Telecommunications Research Instit | Authentication method and key generating method in wireless portable internet system |
| DE102008024798A1 (en) | 2008-05-23 | 2009-12-17 | T-Mobile International Ag | Method for over-the-air personalization of smart cards in telecommunications |
| US20100190473A1 (en) * | 2009-01-27 | 2010-07-29 | Ntt Docomo, Inc. | Radio communications system and method |
| WO2011076491A1 (en) | 2009-12-21 | 2011-06-30 | Siemens Aktiengesellschaft | Device and method for securing a negotiation of at least one cryptographic key between units |
| WO2013124194A1 (en) | 2012-02-24 | 2013-08-29 | Alcatel Lucent | Smart card initial personnalization |
| US20130275973A1 (en) * | 2010-09-06 | 2013-10-17 | Fonleap Limited | Virtualisation system |
| WO2014094615A1 (en) | 2012-12-20 | 2014-06-26 | Hangzhou H3C Technologies Co., Ltd. | Establishing wlan association |
| GB2512944A (en) | 2013-04-12 | 2014-10-15 | Mastercard International Inc | Systems and methods for outputting information on a display of a mobile device |
| US20150020158A1 (en) * | 2013-07-09 | 2015-01-15 | Empire Technology Development Llc | Shared secret techniques for ubiquitous computing devices |
| US9646172B1 (en) * | 2016-11-15 | 2017-05-09 | Envieta Systems LLC | Data storage system for securely storing data records |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| IL157886A0 (en) * | 2003-09-11 | 2009-02-11 | Bamboo Mediacasting Ltd | Secure multicast transmission |
| JP2009505271A (en) * | 2005-08-19 | 2009-02-05 | サムスン エレクトロニクス カンパニー リミテッド | Method for performing multiple PSK-based authentications in a single process and system for performing this method |
| DE102006024041B4 (en) * | 2006-05-23 | 2016-04-07 | Giesecke & Devrient Gmbh | Method for personalizing a security module of a telecommunication terminal |
| US20090282251A1 (en) * | 2008-05-06 | 2009-11-12 | Qualcomm Incorporated | Authenticating a wireless device in a visited network |
| CN102065423B (en) * | 2010-12-13 | 2013-07-10 | 中国联合网络通信集团有限公司 | Node access authentication method, access authenticated node, access node and communication system |
| DE102011010627A1 (en) * | 2011-02-08 | 2012-08-09 | Giesecke & Devrient Gmbh | Method of programming a mobile terminal chip |
-
2014
- 2014-12-16 DE DE102014018867.1A patent/DE102014018867A1/en not_active Withdrawn
-
2015
- 2015-12-15 CN CN201580068112.3A patent/CN107005409B/en active Active
- 2015-12-15 EP EP15817078.7A patent/EP3235275B1/en active Active
- 2015-12-15 US US15/536,247 patent/US10637851B2/en active Active
- 2015-12-15 WO PCT/EP2015/002581 patent/WO2016096146A1/en active Application Filing
Patent Citations (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5367148A (en) * | 1986-04-18 | 1994-11-22 | Cias, Inc. | Counterfeit detection using ID numbers with at least one random portion |
| US20020018569A1 (en) * | 1998-12-04 | 2002-02-14 | Prakash Panjwani | Enhanced subscriber authentication protocol |
| EP1365537A1 (en) | 2002-05-24 | 2003-11-26 | Swisscom Mobile AG | Systems and method for certifying digital signatures |
| US20030221104A1 (en) | 2002-05-24 | 2003-11-27 | Swisscom Mobile Ag | Cryptographic security method and electronic devices suitable therefor |
| US7225337B2 (en) | 2002-05-24 | 2007-05-29 | Swisscom Mobile Ag | Cryptographic security method and electronic devices suitable therefor |
| US20060233364A1 (en) * | 2002-07-29 | 2006-10-19 | Jan Camenisch | Fine-grained forward-secure signature scheme |
| US20050083846A1 (en) * | 2003-10-15 | 2005-04-21 | Microsoft Corporation | Dynamic online subscription for wireless wide-area networks |
| US20090019284A1 (en) * | 2005-03-09 | 2009-01-15 | Electronics And Telecommunications Research Instit | Authentication method and key generating method in wireless portable internet system |
| US20110136482A1 (en) | 2008-05-23 | 2011-06-09 | Stefan Kaliner | Method for over-the-air personalizing of chip cards in telecommunications |
| DE102008024798A1 (en) | 2008-05-23 | 2009-12-17 | T-Mobile International Ag | Method for over-the-air personalization of smart cards in telecommunications |
| US8571537B2 (en) | 2008-05-23 | 2013-10-29 | Deutsche Telekom Ag | Method for over-the-air personalizing of chip cards in telecommunications |
| US20100190473A1 (en) * | 2009-01-27 | 2010-07-29 | Ntt Docomo, Inc. | Radio communications system and method |
| WO2011076491A1 (en) | 2009-12-21 | 2011-06-30 | Siemens Aktiengesellschaft | Device and method for securing a negotiation of at least one cryptographic key between units |
| US20120257757A1 (en) | 2009-12-21 | 2012-10-11 | Gessner Juergen | Device and method for securing a negotiation of at least one cryptographic key between units |
| US8837740B2 (en) | 2009-12-21 | 2014-09-16 | Siemens Aktiengesellschaft | Device and method for securing a negotiation of at least one cryptographic key between units |
| US20130275973A1 (en) * | 2010-09-06 | 2013-10-17 | Fonleap Limited | Virtualisation system |
| WO2013124194A1 (en) | 2012-02-24 | 2013-08-29 | Alcatel Lucent | Smart card initial personnalization |
| WO2014094615A1 (en) | 2012-12-20 | 2014-06-26 | Hangzhou H3C Technologies Co., Ltd. | Establishing wlan association |
| GB2512944A (en) | 2013-04-12 | 2014-10-15 | Mastercard International Inc | Systems and methods for outputting information on a display of a mobile device |
| US20150020158A1 (en) * | 2013-07-09 | 2015-01-15 | Empire Technology Development Llc | Shared secret techniques for ubiquitous computing devices |
| US9646172B1 (en) * | 2016-11-15 | 2017-05-09 | Envieta Systems LLC | Data storage system for securely storing data records |
Non-Patent Citations (4)
| Title |
|---|
| Bin et al., "Data Security Analysis of the Mass Producing Process of Smart Cards," IEEE 2010 International Conference on E-Business and E-Government, pp. 1316-1319, URL: http://ieeexplore.iee.org/stamp.jsp?tp=&arnumber=5591112. |
| German Office Action for corresponding German Application No. 102014018867.1, dated Oct. 5, 2015. |
| International Search Report for corresponding International PCT Application No. PCT/EP2015/002581, dated Mar. 7, 2016. |
| Matsunaka et al., "Device Authentication and Registration Method Assisted by a Cellular System for User-driven Service Creation Architecture," IEEE 2009 Consumer Communications and Networking Conference, Jan. 10, 2009, pp. 1-5. |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107005409B (en) | 2020-11-03 |
| DE102014018867A1 (en) | 2016-06-16 |
| EP3235275B1 (en) | 2019-11-06 |
| CN107005409A (en) | 2017-08-01 |
| WO2016096146A1 (en) | 2016-06-23 |
| EP3235275A1 (en) | 2017-10-25 |
| US20170374063A1 (en) | 2017-12-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| RU2515809C2 (en) | Methods for facilitating secure self-initialisation of subscriber devices in communication system | |
| KR20190127676A (en) | Authentication method and blockchain-based authentication data processing method and device | |
| CN109417545B (en) | Method, security module, mobile terminal and medium for downloading a network access profile | |
| US10050791B2 (en) | Method for verifying the identity of a user of a communicating terminal and associated system | |
| US10630488B2 (en) | Method and apparatus for managing application identifier | |
| US20080003980A1 (en) | Subsidy-controlled handset device via a sim card using asymmetric verification and method thereof | |
| US20150089214A1 (en) | Enhanced authentication and/or enhanced identification of a secure element of a communication device | |
| US11051162B2 (en) | Method for anonymously identifying a security module | |
| SG176839A1 (en) | Method for registering a mobile radio in a mobile radio network | |
| KR20200085230A (en) | Holistic module authentication with a device | |
| WO2013182154A1 (en) | Method, system and terminal for encrypting/decrypting application program on communication terminal | |
| TWI632798B (en) | Server, mobile terminal, and network real-name authentication system and method | |
| CN104660412A (en) | Password-less security authentication method and system for mobile equipment | |
| CN111630882A (en) | Method for determining a key for protecting a communication between a user equipment and an application server | |
| WO2019056971A1 (en) | Authentication method and device | |
| US10579984B2 (en) | Method for making contactless transactions secure | |
| CN108769043B (en) | Trusted application authentication system and trusted application authentication method | |
| US9716707B2 (en) | Mutual authentication with anonymity | |
| US10637851B2 (en) | Introducing an identity into a secure element | |
| CN105245526B (en) | Call the method and apparatus of SIM card application | |
| CN109936522B (en) | Equipment authentication method and equipment authentication system | |
| CN103843378A (en) | Method for binding secure device to a wireless phone | |
| KR101607234B1 (en) | System and method for user authentication | |
| US20240129743A1 (en) | Method for personalizing a secure element | |
| KR101710722B1 (en) | Method for Operating Mobile OTP using Contactless Media |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment |
Owner name: GIESECKE & DEVRIENT GMBH, GERMANY Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WIMBOECK, ULRICH;RUDOLPH, JENS;SIGNING DATES FROM 20170413 TO 20170418;REEL/FRAME:042722/0013 |
|
| AS | Assignment |
Owner name: GIESECKE+DEVRIENT MOBILE SECURITY GMBH, GERMANY Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GIESECKE DEVRIENT GMBH;REEL/FRAME:043230/0485 Effective date: 20170707 Owner name: GIESECKE+DEVRIENT MOBILE SECURITY GMBH, GERMANY Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GIESECKE & DEVRIENT GMBH;REEL/FRAME:043230/0485 Effective date: 20170707 |
|
| STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
| STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
| STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
| STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
| STPP | Information on status: patent application and granting procedure in general |
Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
|
| STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
| MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |